PVA Series – user context in Power Virtual Agent
In my previous post you were able to learn how to authenticate user in Power Virtual Agent. This post is about getting and using context of the authenticated user.
Authentication in PVA
Authentication in PVA is quite simple. It is built out of the below steps basically.
- User enters communication with the Bot
- Bot display button to log in
- User provides credentials
- After is logged in, authentication provider (AAD in this case) returns validation code
- Validation code, once provided back in a chat window, generates and stores bearer token in the AuthToken variable.
Using the user’s context
To use now context of the user in your Power Automate, you have to use obtained bearer token as the authorization method.
Important! Power Automate flows having actions with a defined connection, authorized for different user, will not be executed using the context of the user from bot conversation.
To use context of a user you have to choose actions, that will authenticate on-the-go, for example HTTP (Premium). Then provide the token as the parameter in “Action” calling Power Automate:
And finally use the passed token from PVA as the “Raw” authentication method:
In result you will be able (in this example) to call Graph API using context of a user who is authenticated in the conversation with a bot.
And that’s it. I hope this will help you benefit from calling action with user context and therefore personalize user experience in your Power Virtual Agents conversations. If you have any questions post them in comments below!
Please I am struggling to find the Get User Profile connector above
How do I easily get this
It’s not a ready to use action. This is “HTTP” action to call Graph API.
The Get User Profile action fails for me with the message “Access token validation failure. Invalid audience.” Any suggestions ?
I suggest you to check the Authorization configuration in my first post: https://poszytek.eu/en/microsoft-en/office-365-en/pva-en/pva-series-authentication-in-power-virtual-agent/, especially Token URL Template.
Since I don’t have permissions in my organization’s AAD, I requested my admin to register my bot in
AAd with steps mentioned in https://poszytek.eu/en/microsoft-en/office-365-en/pva-en/pva-series-authentication-in-power-virtual-agent/. I configured the authentication and it works fine in bot, but in the flow the http action gives an error.
“message”: “Insufficient privileges to complete the operation.”}
So the authentication works fine. That’s cool. What are you trying to accomplish in Power Automate? What endpoint are you calling via http action?
I am taking a reference from this article. You have used HTTP action which you have renamed as Get user profile in the image above. I’m doing the same with the same endpoint “https://graph.microsoft.com/v1.0/me/” with raw authentication and bearer with auth token. I want to get user email and name from auth token.
If that’s the case, then be sure that registered app is also given the scope “Users.Read.All” from Graph API group. This one is required to actually obtain users data from Graph on behalf of someone. AND – that the admin consent is granted 🙂
I’m trying to get the user data based on the AuthToken,. but I am also having a problem with a message:
“message”: “Insufficient privileges to complete the operation.”
when fetching result from https://graph.microsoft.com/v1.0/me/
For the App registration I’ve added User.Read.All privilege and submitted admin consent for this one. Any ideas?
You need to grant “User.Read.All” and “openid”: https://poszytek.eu/en/microsoft-en/office-365-en/pva-en/pva-series-authentication-in-power-virtual-agent/ 🙂
thankyou good article.
Do you have any idea how to get the PowerVA session ID for someone who is not authenticated ? Is this possible ? For example an external user who is not part of the microsoft org ?
What do you mean a session ID? Like a unique GUID for a conversation? So there is nothing like that ootb. You can call a Power Automate to generate a guid (there is even the function called guid() for that) and return to conversation or to store it along with other data about the conversation.
I found the guid() function, just wasn’t sure if it was unique enough to use as-is. I read up on it and I think it probably is.
Now my PVA bot calls an action as the first thing it does, to get a GUID and store it in a PVA variable which the PVA bot then passes back and forth to subsequent actions.
thanks for your help.
Pingback: Personalizing Power Virtual Agents for Authenticated Users - YouTube - 365 Community
How do you pass the authtoken to power automate? I only have the option to take a user’s input from Power Agent.
AuthToken is one of the outcomes of the “Authenticate” action. If you don’t have such Action, please follow steps described here: https://poszytek.eu/en/microsoft-en/office-365-en/pva-en/pva-series-authentication-in-power-virtual-agent/ to configure authentication provider for your PVA.
That portion works great, thanks to your post but the option to pass the authToken to flow so I can get the user information does not seem to appear for me.
see image here…
I have same issue. Seems like there may be an issue with topics available as well. Based on what I have seen in other tutorials, there are a number of topics that I am not seeing in my tenant. I have only a small handful of basic ones. Maybe it’s a licensing thing or perhaps our environment is not provisioned for everything. We have an EDU tenant. Or maybe some of the functionality is still in Preview?
PVA starts with a number of system settings. The other, pre-created ones were available in older version, as PVA was directly coming from Dynamics. Today there are 5 user topics, pre-created.
Has PVA interface changed since this was published? I have gone thru all of the steps to register to app, gotten to the point of getting the chatbot authenticated, get the prompt for the access code, paste it back and user authenticated message is displayed when testing. But I do not see any action to get user information from Flow. I can call a Flow action from PVA canvas, but once in Flow the only actions are to add a basic input text or number static text and return value of same. What am I missing? I just want to get the authenticated user’s profile information (name, location, etc.) and return in a message in the bot. In PVA canvas, below the “you’re now logged in” action, the only Call an Action options available are Authenticate (again) and Create a flow. I don’t see any way to pass the AuthToken to the flow itself. I have scope set as openid profile User.Read.
Hi, you need to pass the token variable from PVA to Power Automate via a text input. Then call Graph API to get user’s data. And then return outputs using text outcomes. Interface didn’t change.
Ok, thanks. I ended up figuring this out thru trial and error and a few other sites. For anyone out there who is struggling with this part, you have to create the Flow *first* inside your PVA canvas, added a text input and however many outputs you expect to have. Save the Flow and then delete the Flow action in PVA and re-add it. It will then show the input and output parameters. You then pass the authtoken as an input and use it in a call to Microsoft Graph like Tomasz demonstrates in the HTTP Request action in Flow (bearer parameter). Then you can use Flow in the usual way to get your JSON response, parse it and assign the parsed content to your PVA output so it can return the data to PVA chatbot. There’s several steps and right now you sort of have to piece these steps from various postings from folks like Tomasz and Microsoft docs. Very powerful once you get the set up and steps clear in your head.
Hi, I have integrated powerVA with power BI and not sure how to fetch userdetails of active session. I mean i want to add feature for BOT to auto recognize user name from logged in powerBI user and gets Name, email etc
There is no way to do this as of today.
Hi Tomasz! I have set up the authentication for my PVA and all is working fine – it authenticates in a browser version and in Teams where my bot is deployed. I want, however, for the bot to know who it is talking to by pulling user data through the flow. I have tried so many things inlcuding the HTPP and parsing json but I can’t seem to be able to get it working. As you mentioned, there’s a ton of incomplete instructions on how to set this up all over blogs and microsoft docs, and I was wondering sicne you had just recently figured it out if you could share the step-by-step? It would be much appreciated! Ksenia
Hi, this is not possible to get user context who talks with bot from Power Automate. You can pass user’s Bearer Token once they authenticate in PVA session to Power Automate, so that next you can use it to eg. call Graph API.
Hello, nice article I must say. Just a question….is it possible to pass the context variable from PVA to the Application Tab in D365 Omnichannel during the handoff to an Agent? Thanks!
I don’t know tbh, I haven’t done it myself. However documentation states that the full context of conversation is passed to the human agent: https://docs.microsoft.com/en-us/power-virtual-agents/configuration-hand-off-omnichannel
We are planning to use PVA on power apps portal. Employee will be logging into portal using Azure AD.
When communicating via chatbot on portal we do not want employees to re login instead bot should actively start communication such as “Hello John”. For the logged in user, I wonder we could get automatically get the ir “ObjectID”from Azure AD? we can then use this Id to query CRM via flow and get user name therefore give a personalised welcome prompt….
You can try to configure SSO for your PVA. I haven’t done it myself though: https://docs.microsoft.com/en-us/power-virtual-agents/configure-sso